FBI Moneypak, computer can't function.. [Closed]



#16
Aaron

  • GeekU Moderator
  • 3,155 posts
I'm going to do an extra check:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Boot with the OTLPE cd as you did before
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive.
  • After that, type this in the search box: autochk.exe and click Search files. This will create a file, Search.txt.

Please post both logs.


#17
drewdreworld

  • Topic Starter
  • Member
  • 90 posts
So I did the search and it said it saved the search.txt to my flash drive (like it did with the scan) but there's none to be found.. can try again if you want. I'm wondering if no search.txt because it didn't find the file maybe? Just my totally uneducated guess =D in any case, here's the FRST.txt ..... and I found the search.txt on the flash drive with this PC even though it didn't show on the other O.o



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-12-2012 01
Ran by SYSTEM at 26-12-2012 18:37:44
Running from K:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet004

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [131072 2004-12-20] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [15494464 2012-02-09] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login [x]
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [1634112 2012-02-09] ()
HKLM\...\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [221184 2003-11-03] ()
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [180269 2005-10-16] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default User\...\Run: [RecordNow!] [x]
HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\Owner\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Owner\...\Run: [Spotify Web Helper] "C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-09-11] ()
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 97.81.22.195 71.92.29.130 24.217.201.67
Tcpip\..\Interfaces\{4745F59C-FBD1-4DED-BD5E-E2E880676947}: [NameServer]192.168.1.1

==================== Services (Whitelisted) ===================

4 Alerter; C:\Windows\System32\alrsvc.dll [17408 2008-04-13] ()
3 ALG; C:\Windows\System32\alg.exe [44544 2008-04-13] ()
2 AudioSrv; C:\Windows\System32\audiosrv.dll [42496 2008-04-13] ()
2 CSHelper; C:\WINDOWS\system32\CSHelper.exe [266240 2010-08-11] ()
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [1044816 2012-11-05] (Flexera Software, Inc.)
2 KodakCCS; C:\Windows\System32\drivers\KodakCCS.exe [294972 2003-06-18] (Eastman Kodak Company)
3 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [1029456 2010-08-16] (Lavasoft)
2 ScsiAccess; C:\WINDOWS\System32\ScsiAccess.EXE [181312 2003-02-04] ()
2 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
2 WANMiniportService; "C:\WINDOWS\wanmpsvc.exe" [65536 2003-08-27] (America Online, Inc.)
4 ADBLOCK.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [x]
4 CONTENT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [x]
4 DNSCACHE.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [x]
4 FTPFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [x]
4 HTMLFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [x]
4 HTTPFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [x]
4 IMAPFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
4 MAILFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [x]
4 NNTPFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [x]
4 POP3FILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [x]
4 PROTECT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [x]

==================== Drivers (Whitelisted) ====================

3 2WIREPCP; C:\Windows\System32\DRIVERS\2WirePCP.sys [68672 2003-01-09] (2Wire, Inc.)
3 ALCXSENS; C:\Windows\System32\drivers\ALCXSENS.SYS [391424 2003-12-12] (Sensaura Ltd)
1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [35328 2003-11-07] (Advanced Micro Devices)
3 BLKWGU(Belkin); C:\Windows\System32\DRIVERS\BLKWGU.sys [402944 2005-11-10] (Belkin Corporation)
3 BRGSp50; C:\Windows\System32\Drivers\BRGSp50.sys [20608 2005-06-08] (Printing Communications Assoc., Inc. (PCAUSA))
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
1 Changer; C:\Windows\System32\Drivers\Changer.sys [8192 2008-04-13] (Microsoft Corporation)
1 DcCam; C:\Windows\System32\DRIVERS\DcCam.sys [36826 2003-06-18] (Eastman Kodak Company)
3 DcFpoint; C:\Windows\System32\DRIVERS\DcFpoint.sys [61568 2003-06-18] (Eastman Kodak Company)
2 DCFS2K; C:\Windows\System32\drivers\dcfs2k.sys [38997 2003-06-18] (Eastman Kodak Company)
3 DcLps; C:\Windows\System32\DRIVERS\DcLps.sys [8058 2003-06-18] (Eastman Kodak Company)
3 DcPTP; C:\Windows\System32\DRIVERS\DcPTP.sys [63002 2003-06-18] (Eastman Kodak Company)
3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
1 Exportit; C:\Windows\System32\DRIVERS\exportit.sys [138485 2003-06-18] (Eastman Kodak Company)
0 fasttx2k; C:\Windows\System32\DRIVERS\fasttx2k.sys [142336 2003-12-02] (Promise Technology, Inc.)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [16224 2007-01-11] (LogMeIn, Inc.)
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64160 2009-07-03] (Lavasoft AB)
1 lbrtfdc; C:\Windows\System32\Drivers\lbrtfdc.sys [34688 2008-04-13] (Toshiba Corp.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
3 nvax; C:\Windows\System32\drivers\nvax.sys [53376 2005-04-13] (NVIDIA Corporation)
3 NVENET; C:\Windows\System32\DRIVERS\NVENET.sys [54784 2003-04-22] (NVIDIA Corporation)
3 nvnforce; C:\Windows\System32\drivers\nvapu.sys [414464 2005-04-13] (NVIDIA Corporation)
0 nv_agp; C:\Windows\System32\DRIVERS\nv_agp.sys [21120 2003-09-02] (NVIDIA Corporation)
3 rtl8139; C:\Windows\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation )
1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [98392 2010-11-09] (Sunbelt Software)
3 SiS315; C:\Windows\System32\DRIVERS\sisgrp.sys [429440 2003-12-06] (Silicon Integrated Systems Corporation)
1 SiSkp; C:\Windows\System32\DRIVERS\srvkp.sys [11392 2003-12-05] (Silicon Integrated Systems Corporation)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
3 viagfx; C:\Windows\System32\DRIVERS\vtmini.sys [117760 2003-10-17] (Copyright © VIA/S3 Graphics, Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [55808 2007-08-28] (Microsoft Corporation)
3 ZD1211BU(ZyDAS); C:\Windows\System32\DRIVERS\zd1211Bu.sys [330240 2005-08-17] (ZyDAS Technology Corporation)
3 ZDPSp50; C:\Windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA))
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
3 ALCXWDM; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 cd20xrnt; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
3 ECSIoDriver_1_1_0_0; \??\F:\ECSIoDriver.sys [x]
4 hpn; [x]
4 i2omp; [x]
3 ialm; [x]
4 ini910u; [x]
3 ltmodem5; [x]
1 MPFIREWL; [x]
4 mraid35x; [x]
2 mrtRate; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
0 PxHelp20; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
1 redbook; C:\Windows\System32\drivers\tsk3.tmp [x]
1 SASDIFSV; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
1 SASKUTIL; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
4 Simbad; [x]
4 Sparrow; [x]
3 SunkFilt; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [x]
3 Sunkfiltp; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
3 TlntSvr; [x]
4 TosIde; [x]
4 ultra; [x]
4 VFILT; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [x]
3 wanatw; [x]
3 WDICA; [x]
3 {6080A529-897E-4629-A488-ABA0C29B635E}; [x]
3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: belgium_id_card_service -> No Registry Path.
NETSVC: swmsflt -> No Registry Path.
NETSVC: ibmfilter -> No Registry Path.
NETSVC: tvalz -> No Registry Path.
NETSVC: USA49W2KP -> No Registry Path.
NETSVC: s7otranx -> No Registry Path.
NETSVC: DCamUSBEMPIA -> No Registry Path.
NETSVC: SE2Bmgmt -> No Registry Path.

==================== One Month Created Files and Folders ========

2012-12-26 18:36 - 2012-12-26 18:36 - 00000000 ___DC C:\FRST
2012-12-26 16:40 - 2011-07-12 21:55 - 02237440 __RAC (OldTimer Tools) C:\OTLPE.exe
2012-12-26 16:36 - 2012-12-26 16:36 - 00000000 ___DC C:\_OTL
2012-12-25 20:59 - 2012-12-25 20:59 - 00114220 ___AC C:\OTL.Txt
2012-12-20 05:07 - 2012-12-20 05:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2012-12-20 05:02 - 2012-12-20 05:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2779030$
2012-12-20 04:42 - 2012-12-20 04:50 - 00009988 ____A C:\Windows\KB2779562.log
2012-12-20 04:42 - 2012-12-20 04:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2012-12-20 04:09 - 2012-12-20 04:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2012-12-20 03:30 - 2012-12-20 03:45 - 00017184 ____A C:\Windows\KB2761465-IE8.log
2012-12-19 16:24 - 2012-12-20 05:09 - 00018126 ____A C:\Windows\KB2758857.log
2012-12-10 02:39 - 2012-12-10 02:39 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\QuickScan
2012-12-10 02:18 - 2012-12-10 02:18 - 00000717 ____A C:\Documents and Settings\All Users\Desktop\VIO Player.lnk
2012-12-10 02:18 - 2012-12-10 02:18 - 00000000 ____D C:\Program Files\VIO Player
2012-12-09 23:54 - 2012-12-09 23:54 - 00000382 ____A C:\Windows\DCEBOOT.RST
2012-12-09 23:54 - 2012-12-09 23:54 - 00000000 ____A C:\Windows\DCEBOOT.LOG
2012-12-09 23:53 - 2012-12-09 23:53 - 00181808 ____A C:\Windows\RegBootClean.exe
2012-12-09 23:53 - 2012-12-09 23:53 - 00022064 ____A C:\Windows\DCEBoot.exe
2012-12-09 23:52 - 2012-12-10 02:31 - 00195551 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2012-12-09 23:52 - 2012-12-10 02:31 - 00194762 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2012-12-09 23:39 - 2012-12-09 23:39 - 02002944 ____A (Trend Micro Inc.) C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
2012-12-09 23:39 - 2012-12-09 23:39 - 00000036 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2012-11-30 22:44 - 2012-11-30 22:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Battle.net
2012-11-26 21:20 - 2012-11-26 21:20 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2012-11-26 21:18 - 2012-11-26 21:18 - 00000000 ___DC C:\_OTM
2012-11-26 21:18 - 2012-11-26 21:17 - 00522240 ____A (OldTimer Tools) C:\Documents and Settings\Owner\Desktop\OTM.exe

==================== One Month Modified Files and Folders ========

2012-12-26 18:36 - 2012-12-26 18:36 - 00000000 ___DC C:\FRST
2012-12-26 18:25 - 2009-09-08 00:25 - 00111764 ___AC C:\aaw7boot.log
2012-12-26 16:36 - 2012-12-26 16:36 - 00000000 ___DC C:\_OTL
2012-12-26 16:36 - 2012-11-14 08:13 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\SCC
2012-12-25 20:59 - 2012-12-25 20:59 - 00114220 ___AC C:\OTL.Txt
2012-12-20 16:29 - 2004-11-14 18:56 - 01608989 ____A C:\Windows\WindowsUpdate.log
2012-12-20 16:29 - 2004-01-20 20:19 - 00032632 ____A C:\Windows\SchedLgU.Txt
2012-12-20 16:29 - 2004-01-20 20:19 - 00000278 __ASH C:\Documents and Settings\Owner\ntuser.ini
2012-12-20 16:29 - 2004-01-20 20:16 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-20 16:29 - 2004-01-20 12:11 - 00000275 ____A C:\Windows\wiadebug.log
2012-12-20 16:29 - 2004-01-20 12:11 - 00000050 ____A C:\Windows\wiaservc.log
2012-12-20 05:26 - 2012-02-12 17:50 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-12-20 05:26 - 2004-01-20 19:04 - 00001158 ____A C:\Windows\System32\wpa.dbl
2012-12-20 05:25 - 2012-05-11 16:24 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\TSVNCache
2012-12-20 05:25 - 2012-02-26 21:46 - 00000062 __ASH C:\Documents and Settings\UpdatusUser\Local Settings\desktop.ini
2012-12-20 05:25 - 2004-01-20 20:19 - 00000062 __ASH C:\Documents and Settings\Owner\Local Settings\desktop.ini
2012-12-20 05:25 - 2004-01-20 20:19 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-12-20 05:25 - 2004-01-20 20:19 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-12-20 05:25 - 2004-01-20 12:08 - 00347400 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-20 05:09 - 2012-12-19 16:24 - 00018126 ____A C:\Windows\KB2758857.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00246347 ____A C:\Windows\FaxSetup.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00118240 ____A C:\Windows\ocgen.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00094360 ____A C:\Windows\tsoc.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00081248 ____A C:\Windows\comsetup.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00049336 ____A C:\Windows\ntdtcsetup.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00043071 ____A C:\Windows\iis6.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00013680 ____A C:\Windows\ocmsn.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00012360 ____A C:\Windows\msgsocm.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00001393 ____A C:\Windows\imsins.log
2012-12-20 05:08 - 2012-02-16 15:42 - 00124311 ____A C:\Windows\setupapi.log
2012-12-20 05:07 - 2012-12-20 05:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2012-12-20 05:04 - 2004-01-20 12:09 - 00001393 ____A C:\Windows\imsins.BAK
2012-12-20 05:02 - 2012-12-20 05:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2779030$
2012-12-20 04:58 - 2012-10-07 14:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-12-20 04:50 - 2012-12-20 04:42 - 00009988 ____A C:\Windows\KB2779562.log
2012-12-20 04:50 - 2007-02-16 15:02 - 00731590 ____A C:\Windows\System32\TZLog.log
2012-12-20 04:42 - 2012-12-20 04:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2012-12-20 04:09 - 2012-12-20 04:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2012-12-20 03:45 - 2012-12-20 03:30 - 00017184 ____A C:\Windows\KB2761465-IE8.log
2012-12-20 03:43 - 2012-02-16 15:42 - 00021695 ____A C:\Windows\updspapi.log
2012-12-20 03:33 - 2004-11-20 03:00 - 00000000 ____D C:\Windows\$hf_mig$
2012-12-20 03:03 - 2005-05-11 17:00 - 65087872 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-10 16:19 - 2012-02-26 21:46 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2012-12-10 02:39 - 2012-12-10 02:39 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\QuickScan
2012-12-10 02:31 - 2012-12-09 23:52 - 00195551 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2012-12-10 02:31 - 2012-12-09 23:52 - 00194762 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2012-12-10 02:20 - 2004-01-20 20:15 - 00000000 __SHD C:\Documents and Settings\All Users\DRM
2012-12-10 02:18 - 2012-12-10 02:18 - 00000717 ____A C:\Documents and Settings\All Users\Desktop\VIO Player.lnk
2012-12-10 02:18 - 2012-12-10 02:18 - 00000000 ____D C:\Program Files\VIO Player
2012-12-10 00:48 - 2010-02-25 18:44 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\uTorrent
2012-12-09 23:54 - 2012-12-09 23:54 - 00000382 ____A C:\Windows\DCEBOOT.RST
2012-12-09 23:54 - 2012-12-09 23:54 - 00000000 ____A C:\Windows\DCEBOOT.LOG
2012-12-09 23:53 - 2012-12-09 23:53 - 00181808 ____A C:\Windows\RegBootClean.exe
2012-12-09 23:53 - 2012-12-09 23:53 - 00022064 ____A C:\Windows\DCEBoot.exe
2012-12-09 23:39 - 2012-12-09 23:39 - 02002944 ____A (Trend Micro Inc.) C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
2012-12-09 23:39 - 2012-12-09 23:39 - 00000036 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2012-12-09 20:20 - 2012-10-07 14:48 - 00131072 ____A C:\Windows\System32\config\OAlerts.evt
2012-12-08 17:31 - 2012-10-07 17:14 - 00002501 ____A C:\Documents and Settings\Owner\Desktop\Microsoft Word 2010 (2).lnk
2012-12-06 17:19 - 2012-10-26 22:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-12-04 18:10 - 2009-09-01 17:14 - 00000472 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-12-04 07:13 - 2006-09-12 23:54 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-11-30 23:03 - 2011-05-15 23:16 - 00000000 ____D C:\Program Files\StarCraft II
2012-11-30 23:03 - 2008-07-25 15:23 - 00000000 ____D C:\Program Files\Common Files\Blizzard Entertainment
2012-11-30 22:45 - 2012-11-30 22:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Battle.net
2012-11-26 21:20 - 2012-11-26 21:20 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2012-11-26 21:18 - 2012-11-26 21:18 - 00000000 ___DC C:\_OTM
2012-11-26 21:17 - 2012-11-26 21:18 - 00522240 ____A (OldTimer Tools) C:\Documents and Settings\Owner\Desktop\OTM.exe


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 2047.3 MB
Available physical RAM: 1757.21 MB
Total Pagefile: 1878.03 MB
Available Pagefile: 1805.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.18 MB

==================== Partitions =============================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: (HP_PAVILION) (Fixed) (Total:185.45 GB) (Free:14.61 GB) NTFS ==>[Drive with boot components (Windows XP)]
9 Drive i: (HP_RECOVERY) (Fixed) (Total:4.45 GB) (Free:0.37 GB) FAT32 ==>[Drive with boot components (Windows XP)]
11 Drive k: (HITMANPRO) (Removable) (Total:14.5 GB) (Free:14.48 GB) FAT32
12 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 190 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 4570 MB 32 KB
Partition 2 Primary 185 GB 4570 MB
=========================================================

Disk: 0
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 I HP_RECOVERY FAT32 Partition 4570 MB Healthy
=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C HP_PAVILION NTFS Partition 185 GB Healthy
=========================================================
==================== End Of Log ============================

Farbar Recovery Scan Tool (x86) Version: 23-12-2012 01
Ran by SYSTEM at 2012-12-26 19:13:14
Running from K:\

================== Search: "autochk.exe" ===================

C:\WINDOWS\system32\autochk.exe
[2004-01-20 19:03] - [2008-04-13 19:12] - 0588800 ____A ()

C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2004-08-04 02:56] - [2008-04-13 19:12] - 0588800 ____C (Microsoft Corporation) 23043c91a0f9dfb4b9e9f87b680863b4

C:\WINDOWS\I386\AUTOCHK.EXE
[2004-02-12 15:56] - [2002-08-29 07:00] - 0565760 ____C (Microsoft Corporation) c29ea308913fec2af4f977ef718a3574

C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
[2008-08-19 04:45] - [2004-08-04 02:56] - 0588800 ____C (Microsoft Corporation) b3415b9d6026f65e43089abed096c38c

C:\cmdcons\autochk.exe
[2004-04-26 16:13] - [2002-08-29 07:00] - 0565760 ___AC (Microsoft Corporation) c29ea308913fec2af4f977ef718a3574

=== End Of Search ===

#18
Aaron

  • GeekU Moderator
  • 3,155 posts
There are some Microsoft files corrupted / infected that make this computer unbootable. I have to replace them with backups.

Copy the attached fix.txt (178 bytes) to a USB
Copy the attached scan.txt (42 bytes) to a USB

Start OTLPE as you did previously from CD

  • Insert your USB drive with fix.txt and scan.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • When the fix is completed drag and drop scan.txt into the Custom scans and fixes box and click Run scan.
Please post the logs from the fix and scan in your next reply.

#19
drewdreworld

  • Topic Starter
  • Member
  • 90 posts
OTL won't reboot when it's on reatogo on its own so I rebooted with the start menu and that didn't seem to do the trick =\ also when I did the custom scan, it gave me the message that it wasn't a valid file or something so I opened it and copy+pasted it into the custom scan/fix section and hit the run scan. I'm thinking this probably was the same thing in the long run?

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Session manager\\BootExecute:lsdelete deleted successfully.
C:\WINDOWS\system32\lsdelete.exe moved successfully.
========== FILES ==========
Unable to replace file: C:\WINDOWS\System32\autochk.exe with C:\WINDOWS\$NtServicePackUninstall$\autochk.exe without a reboot.

OTLPE by OldTimer - Version 3.1.48.0 log created on 12272012_161341

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 12/27/2012 4:25:01 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 185.45 Gb Total Space | 14.61 Gb Free Space | 7.88% Space Free | Partition Type: NTFS
Drive D: | 14.50 Gb Total Space | 14.48 Gb Free Space | 99.87% Space Free | Partition Type: FAT32
Drive J: | 4.45 Gb Total Space | 0.37 Gb Free Space | 8.31% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - [2012/11/05 14:47:18 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/10/26 22:31:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/07 16:34:56 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/09 23:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/16 22:38:13 | 001,029,456 | ---- | M] (Lavasoft) [On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/08/11 21:10:51 | 000,266,240 | ---- | M] () [Auto] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] () [On_Demand] -- C:\WINDOWS\System32\alg.exe -- (ALG)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] () [Auto] -- C:\WINDOWS\System32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:49 | 000,017,408 | ---- | M] () [Disabled] -- C:\WINDOWS\System32\alrsvc.dll -- (Alerter)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2003/08/27 09:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2003/06/18 08:54:10 | 000,294,972 | ---- | M] (Eastman Kodak Company) [Auto] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/02/04 07:22:30 | 000,181,312 | ---- | M] () [Auto] -- C:\WINDOWS\system32\ScsiAccess.EXE -- (ScsiAccess)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (Sunkfiltp)
DRV - File not found [Kernel | On_Demand] -- -- (SunkFilt)
DRV - File not found [Kernel | System] -- -- (SASKUTIL)
DRV - File not found [Kernel | System] -- -- (SASDIFSV)
DRV - File not found [Kernel | System] -- -- (redbook)
DRV - File not found [Kernel | Boot] -- -- (PxHelp20)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Auto] -- -- (mrtRate)
DRV - File not found [Kernel | On_Demand] -- -- (ltmodem5)
DRV - File not found [Kernel | On_Demand] -- -- (ialm)
DRV - File not found [Kernel | On_Demand] -- -- (ECSIoDriver_1_1_0_0)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - File not found [Kernel | On_Demand] -- -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - File not found [Kernel | On_Demand] -- -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2008/04/13 14:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 14:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/01/11 16:09:13 | 000,016,224 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2005/11/10 09:54:56 | 000,402,944 | ---- | M] (Belkin Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2005/08/17 14:43:20 | 000,330,240 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\zd1211bu.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005/06/08 18:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\brgsp50.sys -- (BRGSp50)
DRV - [2005/04/13 12:34:02 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2005/04/13 12:32:42 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/04/19 14:42:00 | 000,035,143 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\MpFireWl.VXD -- (MPFIREWL)
DRV - [2003/12/12 09:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxsens.sys -- (ALCXSENS)
DRV - [2003/12/06 05:13:42 | 000,429,440 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/12/05 19:25:54 | 000,011,392 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/07 22:00:00 | 000,035,328 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/09/02 16:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/07/18 19:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2003/07/02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2003/06/18 08:53:08 | 000,138,485 | ---- | M] (Eastman Kodak Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2003/06/18 08:53:08 | 000,063,002 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2003/06/18 08:53:08 | 000,061,568 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2003/06/18 08:53:08 | 000,038,997 | ---- | M] (Eastman Kodak Company) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2003/06/18 08:53:08 | 000,036,826 | ---- | M] (Eastman Kodak Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2003/06/18 08:53:08 | 000,008,058 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2003/04/22 00:18:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/01/09 00:12:46 | 000,068,672 | R--- | M] (2Wire, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\2wirepcp.sys -- (2WIREPCP)
DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\r8139n51.sys -- (rtl8139)
DRV - [2001/06/04 16:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://gsw8.view.us...tate University
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 9C 3A 3C BE 85 CC 01 [binary data]
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0:
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2240: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2298: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1348: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/26 22:31:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/26 22:31:26 | 000,000,000 | ---D | M]

[2006/08/08 16:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\77t67ucd.default\extensions
[2012/10/26 22:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/26 22:31:23 | 000,000,000 | ---D | M] (Keynote Connector Extension) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/10/26 22:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\components
File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2012/10/26 22:31:34 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/01/15 12:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScope42.dll
[2009/02/02 00:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScopeDRM11.dll
[2008/01/23 01:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2006/05/16 16:54:15 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2012/10/13 05:30:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/13 05:30:30 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/26 16:36:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\Guest_ON_C\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll ()
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\Owner_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll ()
O3 - HKU\Owner_ON_C\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll ()
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\UpdatusUser_ON_C\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\UpdatusUser_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll ()
O3 - HKU\UpdatusUser_ON_C\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\Owner_ON_C..\Run: [Spotify Web Helper] C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.s...sa/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_2.2.1.87.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1316033239015 (WUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.t...ivex/hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} http://www.fastacces...bls_speedop.cab (BLS_SpeedOP.systemcheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://www.windowsec...scan/axscan.cab (ASquaredScanForm Element)
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} http://www.stopzilla...ller/dwnldr.cab (Downloader Class)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...sa/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll ()
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/20 20:16:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/12/26 18:36:29 | 000,000,000 | ---D | C] -- C:\FRST
[2012/12/26 16:40:24 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012/12/26 16:36:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/10 02:39:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2012/12/10 02:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VIO Player
[2012/12/10 02:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\VIO Player
[2012/12/09 23:39:04 | 002,002,944 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
[2012/11/30 22:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2010/08/11 21:09:56 | 001,715,904 | ---- | C] (ArtistScope) -- C:\Program Files\Synapse_FX_42.exe
[2006/01/08 16:42:31 | 004,057,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmfdist.exe
[2005/11/28 17:07:13 | 034,412,848 | ---- | C] (Apple Computer, Inc. ) -- C:\Program Files\iTunesSetup.exe
[2005/08/10 09:56:15 | 015,591,520 | ---- | C] (ACD Systems Ltd. ) -- C:\Program Files\acdsee.exe
[2005/07/04 22:47:38 | 002,439,339 | ---- | C] (SoftTech InterCorp ) -- C:\Program Files\imgconvert.exe

========== Files - Modified Within 30 Days ==========

[2012/12/26 18:25:36 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/26 18:25:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/20 05:26:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/20 05:25:40 | 000,347,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/20 05:04:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/10 02:31:57 | 000,195,551 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2012/12/10 02:31:56 | 000,194,762 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2012/12/10 02:18:17 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIO Player.lnk
[2012/12/10 02:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\VIO Player
[2012/12/09 23:54:36 | 000,000,382 | ---- | M] () -- C:\WINDOWS\DCEBOOT.RST
[2012/12/09 23:53:20 | 000,181,808 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2012/12/09 23:53:20 | 000,022,064 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2012/12/09 23:39:12 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2012/12/09 23:39:05 | 002,002,944 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
[2012/12/08 17:31:11 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word 2010 (2).lnk
[2012/12/04 18:10:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/12/04 07:13:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2012/12/10 02:18:17 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VIO Player.lnk
[2012/12/09 23:54:35 | 000,000,382 | ---- | C] () -- C:\WINDOWS\DCEBOOT.RST
[2012/12/09 23:53:20 | 000,181,808 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/12/09 23:53:20 | 000,022,064 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2012/12/09 23:52:46 | 000,195,551 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2012/12/09 23:52:32 | 000,194,762 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2012/12/09 23:39:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2012/05/28 10:53:36 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Owner\webct_upload_applet.properties
[2012/05/13 21:18:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/02/26 21:46:38 | 000,014,536 | ---- | C] () -- C:\Documents and Settings\UpdatusUser\ml1.srt
[2012/02/26 21:46:38 | 000,014,226 | ---- | C] () -- C:\Documents and Settings\UpdatusUser\ml2.srt
[2012/02/26 21:46:38 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\UpdatusUser\Local Settings\Application Data\fusioncache.dat
[2012/02/16 12:43:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/25 06:57:33 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/24 09:41:50 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/11/24 09:41:50 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/11/18 04:47:42 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/24 13:51:30 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/10/24 13:44:54 | 000,293,312 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/10/24 13:44:44 | 000,293,312 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/10/24 13:44:44 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/10/03 00:37:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/09/12 14:37:02 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7I.DLL
[2011/06/02 20:08:38 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/06 16:33:23 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/11 21:10:51 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2010/04/23 02:00:03 | 000,000,005 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/04/23 02:00:03 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/12/16 06:27:40 | 000,037,576 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/30 21:14:21 | 000,056,845 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2008/03/07 01:11:25 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2007/04/13 12:31:03 | 000,103,984 | ---- | C] () -- C:\WINDOWS\System32\AOLDial.dll
[2007/03/16 01:36:36 | 000,146,839 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Cosmos Prefs
[2006/08/08 16:33:41 | 000,014,536 | ---- | C] () -- C:\Documents and Settings\Guest\ml1.srt
[2006/08/08 16:33:41 | 000,014,226 | ---- | C] () -- C:\Documents and Settings\Guest\ml2.srt
[2006/08/08 16:33:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\fusioncache.dat
[2006/05/09 23:14:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2006/05/04 00:34:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\asuninst.exe
[2006/04/28 18:03:52 | 000,012,486 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/04/06 12:16:20 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/02/13 17:47:43 | 010,284,336 | ---- | C] () -- C:\Program Files\Avast Setup.exe
[2006/02/11 18:24:15 | 001,847,742 | ---- | C] () -- C:\Program Files\InstallSB.exe
[2006/01/22 21:59:28 | 000,045,540 | ---- | C] () -- C:\Program Files\untitled image
[2006/01/08 16:40:15 | 011,284,970 | ---- | C] () -- C:\Program Files\cdbxp_setup_3.0.116.zip
[2005/12/11 23:53:42 | 000,937,001 | ---- | C] () -- C:\Program Files\slsk156c.exe
[2005/12/10 22:19:28 | 001,014,477 | ---- | C] () -- C:\Program Files\wrar351.exe
[2005/12/10 15:41:58 | 003,620,864 | ---- | C] () -- C:\Program Files\Final_Fantasy_7_TurksInPursuit_OC_ReMix.mp3
[2005/12/10 15:40:40 | 004,630,453 | ---- | C] () -- C:\Program Files\Final_Fantasy_7_FightOn_OC_ReMix.mp3
[2005/12/10 15:34:10 | 004,168,636 | ---- | C] () -- C:\Program Files\zelda.mp3
[2005/11/30 17:39:07 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/17 17:37:27 | 000,002,506 | ---- | C] () -- C:\Documents and Settings\Owner\Ebay2.html
[2005/11/17 17:27:48 | 000,002,675 | ---- | C] () -- C:\Documents and Settings\Owner\ebay.html
[2005/11/15 23:38:00 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/11/06 14:28:04 | 000,010,930 | ---- | C] () -- C:\Program Files\mariel's senior outlne.htm
[2005/11/04 21:47:35 | 000,001,619 | ---- | C] () -- C:\Program Files\Baja.jpg
[2005/10/31 19:10:12 | 002,298,775 | ---- | C] () -- C:\Program Files\jcrea350.zip
[2005/08/20 13:07:12 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/08/17 23:07:05 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2005/08/12 22:24:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/07/04 22:48:32 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AltST.dll
[2005/03/31 10:52:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/03/04 14:10:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/12/18 22:12:27 | 000,007,376 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/12/17 13:51:03 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2004/12/14 14:33:41 | 000,000,335 | ---- | C] () -- C:\WINDOWS\IN1LOS151.ini
[2004/12/12 16:31:05 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\aamd532.dll
[2004/12/12 16:09:01 | 000,000,181 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/12/12 16:09:01 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/12/10 11:36:59 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2004/12/10 11:35:48 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2004/12/10 11:35:33 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\NCSPI8EN.DLL
[2004/12/10 11:35:30 | 000,803,680 | ---- | C] () -- C:\WINDOWS\System32\AXDIST.EXE
[2004/12/10 11:35:23 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2004/12/10 11:35:23 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2004/12/10 11:21:44 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\EmbeddedDX.dll
[2004/12/10 11:21:44 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2004/12/10 11:21:44 | 000,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2004/12/10 11:21:44 | 000,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2004/12/10 11:21:44 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2004/12/10 11:21:11 | 000,001,315 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2004/11/14 19:44:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/26 17:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/09/20 21:10:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2004/09/19 09:41:34 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\3dfx_3d.dll
[2004/08/26 21:02:59 | 000,000,227 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2004/08/26 21:02:55 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2004/08/17 17:47:21 | 000,000,490 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/08/15 20:57:30 | 000,000,281 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2004/08/05 16:49:12 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2004/08/05 16:49:12 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2004/08/04 02:56:47 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\auditusr.exe
[2004/08/04 02:56:41 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ativtmxx.dll
[2004/08/04 02:56:41 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\bthserv.dll
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/06/09 19:08:54 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2004/05/09 00:47:37 | 000,035,382 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2004/04/29 21:22:45 | 000,199,168 | ---- | C] () -- C:\WINDOWS\Uninstall.exe
[2004/04/27 19:55:27 | 000,024,659 | ---- | C] () -- C:\WINDOWS\System32\aolddial.dll
[2004/04/26 19:13:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/04/26 16:21:34 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2004/04/26 16:21:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2004/04/26 16:13:25 | 000,007,287 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2004/04/26 16:12:59 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/03/30 15:47:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\nl_msgs.dll
[2004/03/30 15:47:41 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\nl_msgc.dll
[2004/02/26 13:20:16 | 000,065,588 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004/02/12 15:45:55 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/02/12 15:45:55 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/02/12 15:45:04 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/02/12 15:45:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/02/12 15:44:48 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\capesnpn.dll
[2004/02/12 15:44:48 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\camocx.dll
[2004/02/12 15:44:48 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cacls.exe
[2004/02/12 15:44:47 | 000,078,336 | ---- | C] () -- C:\WINDOWS\System32\browsewm.dll
[2004/02/12 15:44:47 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\browselc.dll
[2004/02/12 15:44:46 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\bidispl.dll
[2004/02/12 15:44:46 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\bootok.exe
[2004/02/12 15:44:45 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\avifil32.dll
[2004/02/12 15:44:45 | 000,052,736 | ---- | C] () -- C:\WINDOWS\System32\basesrv.dll
[2004/02/12 15:44:45 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\batmeter.dll
[2004/02/12 15:44:45 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\avmeter.dll
[2004/02/12 15:44:45 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\batt.dll
[2004/02/12 15:44:44 | 000,602,624 | ---- | C] () -- C:\WINDOWS\System32\autoconv.exe
[2004/02/12 15:44:44 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\authz.dll
[2004/02/12 15:44:44 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\audiosrv.dll
[2004/02/12 15:44:44 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\atmpvcno.dll
[2004/02/12 15:44:44 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\atmlib.dll
[2004/02/12 15:44:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\attrib.exe
[2004/02/12 15:44:44 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\autolfn.exe
[2004/02/12 15:44:44 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\atmadm.exe
[2004/02/12 15:44:43 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\asycfilt.dll
[2004/02/12 15:44:43 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\at.exe
[2004/02/12 15:44:41 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\arp.exe
[2004/02/12 15:44:40 | 000,125,952 | ---- | C] () -- C:\WINDOWS\System32\apphelp.dll
[2004/02/12 15:44:40 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ahui.exe
[2004/02/12 15:44:40 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\alg.exe
[2004/02/12 15:44:40 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\alrsvc.dll
[2004/02/12 15:44:38 | 000,263,680 | ---- | C] () -- C:\WINDOWS\System32\adsnt.dll
[2004/02/12 15:44:38 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\adsldp.dll
[2004/02/12 15:44:38 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\adsldpc.dll
[2004/02/12 15:44:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\adsmsext.dll
[2004/02/12 15:44:38 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\adptif.dll
[2004/02/12 15:44:37 | 000,193,536 | ---- | C] () -- C:\WINDOWS\System32\activeds.dll
[2004/02/12 15:44:37 | 000,115,712 | ---- | C] () -- C:\WINDOWS\System32\aclui.dll
[2004/02/12 15:44:37 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\actxprxy.dll
[2004/02/12 15:44:37 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\actmovie.exe
[2004/02/12 15:21:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/02/12 15:21:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/02/12 15:21:29 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/02/12 15:21:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/02/12 15:21:17 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/22 11:00:28 | 000,012,635 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2004/01/22 04:26:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/01/22 04:26:02 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/01/21 15:21:08 | 001,025,024 | ---- | C] () -- C:\WINDOWS\System32\browseui.dll
[2004/01/21 05:04:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/21 04:52:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2004/01/20 23:04:56 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/01/20 23:02:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/01/20 22:59:54 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
[2004/01/20 22:56:41 | 000,030,197 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/20 22:56:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2004/01/20 22:55:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/20 22:42:36 | 000,000,600 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/20 22:34:02 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/01/20 22:12:08 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\accwiz.exe
[2004/01/20 21:54:01 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2004/01/20 21:53:56 | 000,018,341 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2004/01/20 21:53:56 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2004/01/20 21:47:44 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2004/01/20 21:47:44 | 000,028,885 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2004/01/20 21:39:28 | 000,015,415 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
[2004/01/20 21:39:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
[2004/01/20 21:30:23 | 000,016,306 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
[2004/01/20 21:30:23 | 000,002,673 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2004/01/20 21:21:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/20 21:14:41 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/01/20 21:14:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Audio3D.dll
[2004/01/20 21:10:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/01/20 21:10:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/01/20 21:10:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/01/20 20:50:53 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\blackbox.dll
[2004/01/20 20:50:12 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\asferror.dll
[2004/01/20 20:47:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/20 20:38:07 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/20 20:38:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/20 20:37:39 | 000,022,016 | --S- | C] () -- C:\WINDOWS\System32\borlndmm.dll
[2004/01/20 20:37:39 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/20 20:36:28 | 000,014,536 | ---- | C] () -- C:\Documents and Settings\Owner\ml1.srt
[2004/01/20 20:36:28 | 000,014,226 | ---- | C] () -- C:\Documents and Settings\Owner\ml2.srt
[2004/01/20 20:20:37 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/20 20:18:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/01/20 20:14:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/20 19:05:12 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/20 19:04:38 | 000,434,964 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/01/20 19:04:38 | 000,069,124 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/01/20 19:04:01 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\cabinet.dll
[2004/01/20 19:03:59 | 000,588,800 | ---- | C] () -- C:\WINDOWS\System32\autochk.exe
[2004/01/20 19:03:59 | 000,580,608 | ---- | C] () -- C:\WINDOWS\System32\autofmt.exe
[2004/01/20 12:09:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/20 12:08:48 | 000,347,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/05/16 00:15:18 | 000,225,209 | ---- | C] () -- C:\WINDOWS\System32\C9930A.bin
[2003/03/27 14:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/03/07 01:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/02/04 07:22:30 | 000,181,312 | ---- | C] () -- C:\WINDOWS\System32\ScsiAccess.EXE
[2002/12/05 17:51:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2002/04/16 10:14:42 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2002/04/16 10:14:00 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13n.dll
[2002/04/16 10:14:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/09/08 15:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2006/02/14 16:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2006/08/08 16:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Aim
[2006/08/08 16:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AVG7
[2004/01/21 04:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\interMute
[2007/06/15 07:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\NCH Swift Sound
[2007/06/15 07:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\RecordPad
[2004/01/20 23:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView
[2007/06/15 07:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Viewpoint
[2011/10/02 17:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Babylon
[2011/07/08 02:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2005/12/05 20:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2005/08/10 09:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ACD Systems
[2005/12/05 21:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2012/02/06 01:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/03/14 18:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG7
[2011/10/02 07:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Babylon
[2011/08/03 04:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Crayon Physics Deluxe
[2007/03/13 23:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Helios
[2006/05/25 23:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2004/04/26 20:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2010/07/27 15:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Keynote Systems
[2004/06/25 01:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2005/01/23 16:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LockTime
[2005/09/24 08:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lycos
[2008/07/30 02:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2006/09/27 22:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ourTunes
[2012/12/10 02:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2007/03/15 16:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RecordPad
[2011/11/15 18:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RIFT
[2004/01/20 23:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2008/06/04 03:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SoundSpectrum
[2012/11/15 22:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spotify
[2010/08/22 05:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StealthBot
[2004/05/01 15:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\STOPzilla!
[2010/01/27 19:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Subversion
[2010/06/03 18:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2012/05/11 14:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Systweak
[2005/11/14 00:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2008/06/01 15:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2012/12/10 00:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2007/06/15 07:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2012/03/04 11:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\wsInspector
[2004/01/21 04:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\interMute
[2004/01/20 23:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\SampleView
[2009/07/29 16:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/03/14 18:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2011/10/02 23:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/11/30 22:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2006/05/09 23:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/09/12 14:37:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/02/28 02:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2007/03/15 16:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/07/29 16:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/07/17 03:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/12/04 18:10:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/12/22 06:00:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\shutdown.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ALG.EXE >
[2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=8C515081584A38AA007909CD02020B3D -- C:\WINDOWS\ServicePackFiles\i386\alg.exe
[2004/08/04 02:56:47 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=F1958FBF86D5C004CF19A5951A9514B7 -- C:\WINDOWS\$NtServicePackUninstall$\alg.exe
[2008/04/13 19:12:12 | 000,044,544 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\alg.exe

< MD5 for: AUDIOSRV.DLL >
[2004/08/04 02:56:41 | 000,042,496 | ---- | M] (Microsoft Corporation) MD5=DB66DB626E4882EBEF55F136F12C1829 -- C:\WINDOWS\$NtServicePackUninstall$\audiosrv.dll
[2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) MD5=DEF7A7882BEC100FE0B2CE2549188F9D -- C:\WINDOWS\ServicePackFiles\i386\audiosrv.dll
[2008/04/13 19:11:50 | 000,042,496 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\audiosrv.dll
< End of report >
  • 0

#20
Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts
Yes, copy & paste is the same as dragging it in.

Normally after this fix your computer should boot again:

Copy the attached fix.txt to a USB
Start OTLPE as you did previously from CD

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done, reboot to normal mode if possible

  • 0

#21
drewdreworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
I took the disc out after I told it to restart (from the start menu). OTLPE once again asked me to reboot before changes could take effect, but it wouldn't reboot the PC itself again. When I removed the disc and booted it up, it gave me the autochk message and then the split second of the black (DOS?) screen with some text, but it kicked back to startup again before I could read it (as always). =\
  • 0

#22
Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts
I'll try that other tool we used before:

  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the flashdrive as fixlist.txt

Unlock: C:\WINDOWS\System32\autochk.exe
Replace: C:\WINDOWS\$NtServicePackUninstall$\autochk.exe C:\WINDOWS\System32\autochk.exe
Unlock: C:\WINDOWS\system32\alg.exe
Replace: C:\WINDOWS\ServicePackFiles\i386\alg.exe C:\WINDOWS\system32\alg.exe
Unlock: C:\WINDOWS\system32\audiosrv.dll
Replace: C:\WINDOWS\ServicePackFiles\i386\audiosrv.dll C:\WINDOWS\system32\audiosrv.dll


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system On Vista or Windows 7

Now please boot with the OTLPE cd as you did before.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply.
  • 0

#23
drewdreworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-12-2012 01
Ran by SYSTEM at 2012-12-28 14:13:19 Run:1
Running from D:\

==============================================

permissions for C:\WINDOWS\System32\autochk.exe restored successfully
Could not move C:\WINDOWS\System32\autochk.exe.
Could not replece C:\WINDOWS\System32\autochk.exe
permissions for C:\WINDOWS\system32\alg.exe restored successfully
Could not move C:\WINDOWS\system32\alg.exe.
Could not replece C:\WINDOWS\system32\alg.exe
permissions for C:\WINDOWS\system32\audiosrv.dll restored successfully
Could not move C:\WINDOWS\system32\audiosrv.dll.
Could not replece C:\WINDOWS\system32\audiosrv.dll

==== End of Fixlog ====
  • 0

#24
Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts
This does not look good. There are a lot of files corrupted and the file system too probably. We need to let Windows correct this and hope it works. Be sure not to shut down the computer anymore by holding the power key; this can cause write errors on the hard drive that mess up the file system.

You will need to boot in the recovery console again.
Enter the number of your main installation. (1 for C:\Windows most likely)
If prompted to do so, enter your Administrator password. If you don't have one, leave it blank and press enter.
From the command prompt, enter: chkdsk c: /f (note the space between chkdsk and c: and /r)
Allow it to complete undisturbed.

When it's done type exit and reboot with the cd and make a new Farbar Recovery Tool log please.

Aaron
  • 0

#25
drewdreworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
I just want to double check before I get this started..

From the command prompt, enter: chkdsk c: /f (note the space between chkdsk and c: and /r)


Does the /r part refer to the /f? Or should I be putting /r? I'm assuming you're saying note the space between the /f but I want to be sure before I do this.

I understand the issues are pretty severe at this point. I much appreciate all your help with it :)
  • 0

#26
Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts
Sorry about that, use this one: chkdsk c: /r
  • 0

#27
drewdreworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
I've got the chkdsk running now. When you say the farbar recovery tool log, am I to just run the normal scan and post that log?
  • 0

#28
Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts
Same as post 16: http://www.geekstogo...ost__p__2241950
But without the search files.
  • 0

#29
drewdreworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
At the end of the chkdsk, it says "CHKDSK found and fixed one or more errors on the volume." Thought this might be worth noting, although it's quite possible (I'm assuming) it didn't fix what we are looking for. After that all it said was random information about how many bytes were available and whatnot. Here's the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-12-2012 01
Ran by SYSTEM at 28-12-2012 18:08:42
Running from K:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet004

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [131072 2004-12-20] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [15494464 2012-02-09] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login [x]
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [1634112 2012-02-09] ()
HKLM\...\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [221184 2003-11-03] ()
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [180269 2005-10-16] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default User\...\Run: [RecordNow!] [x]
HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\Owner\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Owner\...\Run: [Spotify Web Helper] "C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-09-11] ()
HKLM\...\Runonce: [OTL] "X:\Programs\OTLPE\OTLPE.exe" [x]
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 97.81.22.195 71.92.29.130 24.217.201.67
Tcpip\..\Interfaces\{4745F59C-FBD1-4DED-BD5E-E2E880676947}: [NameServer]192.168.1.1

==================== Services (Whitelisted) ===================

2 CSHelper; C:\WINDOWS\system32\CSHelper.exe [266240 2010-08-11] ()
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [1044816 2012-11-05] (Flexera Software, Inc.)
2 KodakCCS; C:\Windows\System32\drivers\KodakCCS.exe [294972 2003-06-18] (Eastman Kodak Company)
3 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [1029456 2010-08-16] (Lavasoft)
2 ScsiAccess; C:\WINDOWS\System32\ScsiAccess.EXE [181312 2003-02-04] ()
2 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
2 WANMiniportService; "C:\WINDOWS\wanmpsvc.exe" [65536 2003-08-27] (America Online, Inc.)
4 ADBLOCK.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [x]
4 Alerter; C:\Windows\System32\alrsvc.dll [x]
3 ALG; C:\Windows\System32\alg.exe [x]
2 AudioSrv; C:\Windows\System32\audiosrv.dll [x]
4 CONTENT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [x]
4 DNSCACHE.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [x]
4 FTPFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [x]
4 HTMLFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [x]
4 HTTPFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [x]
4 IMAPFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
4 MAILFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [x]
4 NNTPFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [x]
4 POP3FILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [x]
4 PROTECT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [x]

==================== Drivers (Whitelisted) ====================

3 2WIREPCP; C:\Windows\System32\DRIVERS\2WirePCP.sys [68672 2003-01-09] (2Wire, Inc.)
3 ALCXSENS; C:\Windows\System32\drivers\ALCXSENS.SYS [391424 2003-12-12] (Sensaura Ltd)
1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [35328 2003-11-07] (Advanced Micro Devices)
3 BLKWGU(Belkin); C:\Windows\System32\DRIVERS\BLKWGU.sys [402944 2005-11-10] (Belkin Corporation)
3 BRGSp50; C:\Windows\System32\Drivers\BRGSp50.sys [20608 2005-06-08] (Printing Communications Assoc., Inc. (PCAUSA))
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
1 Changer; C:\Windows\System32\Drivers\Changer.sys [8192 2008-04-13] (Microsoft Corporation)
1 DcCam; C:\Windows\System32\DRIVERS\DcCam.sys [36826 2003-06-18] (Eastman Kodak Company)
3 DcFpoint; C:\Windows\System32\DRIVERS\DcFpoint.sys [61568 2003-06-18] (Eastman Kodak Company)
2 DCFS2K; C:\Windows\System32\drivers\dcfs2k.sys [38997 2003-06-18] (Eastman Kodak Company)
3 DcLps; C:\Windows\System32\DRIVERS\DcLps.sys [8058 2003-06-18] (Eastman Kodak Company)
3 DcPTP; C:\Windows\System32\DRIVERS\DcPTP.sys [63002 2003-06-18] (Eastman Kodak Company)
3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
1 Exportit; C:\Windows\System32\DRIVERS\exportit.sys [138485 2003-06-18] (Eastman Kodak Company)
0 fasttx2k; C:\Windows\System32\DRIVERS\fasttx2k.sys [142336 2003-12-02] (Promise Technology, Inc.)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [16224 2007-01-11] (LogMeIn, Inc.)
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64160 2009-07-03] (Lavasoft AB)
1 lbrtfdc; C:\Windows\System32\Drivers\lbrtfdc.sys [34688 2008-04-13] (Toshiba Corp.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
3 nvax; C:\Windows\System32\drivers\nvax.sys [53376 2005-04-13] (NVIDIA Corporation)
3 NVENET; C:\Windows\System32\DRIVERS\NVENET.sys [54784 2003-04-22] (NVIDIA Corporation)
3 nvnforce; C:\Windows\System32\drivers\nvapu.sys [414464 2005-04-13] (NVIDIA Corporation)
0 nv_agp; C:\Windows\System32\DRIVERS\nv_agp.sys [21120 2003-09-02] (NVIDIA Corporation)
3 rtl8139; C:\Windows\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation )
1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [98392 2010-11-09] (Sunbelt Software)
3 SiS315; C:\Windows\System32\DRIVERS\sisgrp.sys [429440 2003-12-06] (Silicon Integrated Systems Corporation)
1 SiSkp; C:\Windows\System32\DRIVERS\srvkp.sys [11392 2003-12-05] (Silicon Integrated Systems Corporation)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
3 viagfx; C:\Windows\System32\DRIVERS\vtmini.sys [117760 2003-10-17] (Copyright © VIA/S3 Graphics, Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [55808 2007-08-28] (Microsoft Corporation)
3 ZD1211BU(ZyDAS); C:\Windows\System32\DRIVERS\zd1211Bu.sys [330240 2005-08-17] (ZyDAS Technology Corporation)
3 ZDPSp50; C:\Windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA))
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
3 ALCXWDM; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 cd20xrnt; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
3 ECSIoDriver_1_1_0_0; \??\F:\ECSIoDriver.sys [x]
4 hpn; [x]
4 i2omp; [x]
3 ialm; [x]
4 ini910u; [x]
3 ltmodem5; [x]
1 MPFIREWL; [x]
4 mraid35x; [x]
2 mrtRate; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
0 PxHelp20; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
1 redbook; C:\Windows\System32\drivers\tsk3.tmp [x]
1 SASDIFSV; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
1 SASKUTIL; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
4 Simbad; [x]
4 Sparrow; [x]
3 SunkFilt; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [x]
3 Sunkfiltp; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
3 TlntSvr; [x]
4 TosIde; [x]
4 ultra; [x]
4 VFILT; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [x]
3 wanatw; [x]
3 WDICA; [x]
3 {6080A529-897E-4629-A488-ABA0C29B635E}; [x]
3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: belgium_id_card_service -> No Registry Path.
NETSVC: swmsflt -> No Registry Path.
NETSVC: ibmfilter -> No Registry Path.
NETSVC: tvalz -> No Registry Path.
NETSVC: USA49W2KP -> No Registry Path.
NETSVC: s7otranx -> No Registry Path.
NETSVC: DCamUSBEMPIA -> No Registry Path.
NETSVC: SE2Bmgmt -> No Registry Path.

==================== One Month Created Files and Folders ========

2012-12-28 12:56 - 2012-12-28 12:56 - 00097172 ____N C:\bootex.log
2012-12-28 11:12 - 2012-12-28 11:12 - 00000000 __SHD C:\found.000
2012-12-26 18:36 - 2012-12-26 18:36 - 00000000 ___DC C:\FRST
2012-12-26 16:40 - 2011-07-12 21:55 - 02237440 __RAC (OldTimer Tools) C:\OTLPE.exe
2012-12-26 16:36 - 2012-12-26 16:36 - 00000000 ___DC C:\_OTL
2012-12-25 20:59 - 2012-12-27 16:36 - 00112298 ___AC C:\OTL.Txt
2012-12-20 05:07 - 2012-12-20 05:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2012-12-20 05:02 - 2012-12-20 05:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2779030$
2012-12-20 04:42 - 2012-12-20 04:50 - 00009988 ____A C:\Windows\KB2779562.log
2012-12-20 04:42 - 2012-12-20 04:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2012-12-20 04:09 - 2012-12-20 04:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2012-12-20 03:30 - 2012-12-20 03:45 - 00017184 ____A C:\Windows\KB2761465-IE8.log
2012-12-19 16:24 - 2012-12-20 05:09 - 00018126 ____A C:\Windows\KB2758857.log
2012-12-10 02:39 - 2012-12-10 02:39 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\QuickScan
2012-12-10 02:18 - 2012-12-10 02:18 - 00000717 ____A C:\Documents and Settings\All Users\Desktop\VIO Player.lnk
2012-12-10 02:18 - 2012-12-10 02:18 - 00000000 ____D C:\Program Files\VIO Player
2012-12-09 23:54 - 2012-12-09 23:54 - 00000382 ____A C:\Windows\DCEBOOT.RST
2012-12-09 23:54 - 2012-12-09 23:54 - 00000000 ____A C:\Windows\DCEBOOT.LOG
2012-12-09 23:53 - 2012-12-09 23:53 - 00181808 ____A C:\Windows\RegBootClean.exe
2012-12-09 23:53 - 2012-12-09 23:53 - 00022064 ____A C:\Windows\DCEBoot.exe
2012-12-09 23:52 - 2012-12-10 02:31 - 00195551 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2012-12-09 23:52 - 2012-12-10 02:31 - 00194762 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2012-12-09 23:39 - 2012-12-09 23:39 - 02002944 ____A (Trend Micro Inc.) C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
2012-12-09 23:39 - 2012-12-09 23:39 - 00000036 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2012-11-30 22:44 - 2012-11-30 22:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Battle.net

==================== One Month Modified Files and Folders ========

2012-12-28 12:56 - 2012-12-28 12:56 - 00097172 ____N C:\bootex.log
2012-12-28 11:12 - 2012-12-28 11:12 - 00000000 __SHD C:\found.000
2012-12-27 16:36 - 2012-12-25 20:59 - 00112298 ___AC C:\OTL.Txt
2012-12-26 18:36 - 2012-12-26 18:36 - 00000000 ___DC C:\FRST
2012-12-26 18:25 - 2009-09-08 00:25 - 00111764 ___AC C:\aaw7boot.log
2012-12-26 16:36 - 2012-12-26 16:36 - 00000000 ___DC C:\_OTL
2012-12-26 16:36 - 2012-11-14 08:13 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\SCC
2012-12-20 16:29 - 2004-11-14 18:56 - 01608989 ____A C:\Windows\WindowsUpdate.log
2012-12-20 16:29 - 2004-01-20 20:19 - 00032632 ____A C:\Windows\SchedLgU.Txt
2012-12-20 16:29 - 2004-01-20 20:19 - 00000278 __ASH C:\Documents and Settings\Owner\ntuser.ini
2012-12-20 16:29 - 2004-01-20 20:16 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-20 16:29 - 2004-01-20 12:11 - 00000275 ____A C:\Windows\wiadebug.log
2012-12-20 16:29 - 2004-01-20 12:11 - 00000050 ____A C:\Windows\wiaservc.log
2012-12-20 05:26 - 2012-02-12 17:50 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-12-20 05:26 - 2004-01-20 19:04 - 00001158 ____A C:\Windows\System32\wpa.dbl
2012-12-20 05:25 - 2012-05-11 16:24 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\TSVNCache
2012-12-20 05:25 - 2012-02-26 21:46 - 00000062 __ASH C:\Documents and Settings\UpdatusUser\Local Settings\desktop.ini
2012-12-20 05:25 - 2004-01-20 20:19 - 00000062 __ASH C:\Documents and Settings\Owner\Local Settings\desktop.ini
2012-12-20 05:25 - 2004-01-20 20:19 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-12-20 05:25 - 2004-01-20 20:19 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-12-20 05:25 - 2004-01-20 12:08 - 00347400 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-20 05:09 - 2012-12-19 16:24 - 00018126 ____A C:\Windows\KB2758857.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00246347 ____A C:\Windows\FaxSetup.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00118240 ____A C:\Windows\ocgen.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00094360 ____A C:\Windows\tsoc.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00081248 ____A C:\Windows\comsetup.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00049336 ____A C:\Windows\ntdtcsetup.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00043071 ____A C:\Windows\iis6.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00013680 ____A C:\Windows\ocmsn.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00012360 ____A C:\Windows\msgsocm.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00001393 ____A C:\Windows\imsins.log
2012-12-20 05:08 - 2012-02-16 15:42 - 00124311 ____A C:\Windows\setupapi.log
2012-12-20 05:07 - 2012-12-20 05:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2012-12-20 05:04 - 2004-01-20 12:09 - 00001393 ____A C:\Windows\imsins.BAK
2012-12-20 05:02 - 2012-12-20 05:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2779030$
2012-12-20 04:58 - 2012-10-07 14:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-12-20 04:50 - 2012-12-20 04:42 - 00009988 ____A C:\Windows\KB2779562.log
2012-12-20 04:50 - 2007-02-16 15:02 - 00731590 ____A C:\Windows\System32\TZLog.log
2012-12-20 04:42 - 2012-12-20 04:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2012-12-20 04:09 - 2012-12-20 04:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2012-12-20 03:45 - 2012-12-20 03:30 - 00017184 ____A C:\Windows\KB2761465-IE8.log
2012-12-20 03:43 - 2012-02-16 15:42 - 00021695 ____A C:\Windows\updspapi.log
2012-12-20 03:33 - 2004-11-20 03:00 - 00000000 ____D C:\Windows\$hf_mig$
2012-12-20 03:03 - 2005-05-11 17:00 - 65087872 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-10 16:19 - 2012-02-26 21:46 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2012-12-10 02:39 - 2012-12-10 02:39 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\QuickScan
2012-12-10 02:31 - 2012-12-09 23:52 - 00195551 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2012-12-10 02:31 - 2012-12-09 23:52 - 00194762 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2012-12-10 02:20 - 2004-01-20 20:15 - 00000000 __SHD C:\Documents and Settings\All Users\DRM
2012-12-10 02:18 - 2012-12-10 02:18 - 00000717 ____A C:\Documents and Settings\All Users\Desktop\VIO Player.lnk
2012-12-10 02:18 - 2012-12-10 02:18 - 00000000 ____D C:\Program Files\VIO Player
2012-12-10 00:48 - 2010-02-25 18:44 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\uTorrent
2012-12-09 23:54 - 2012-12-09 23:54 - 00000382 ____A C:\Windows\DCEBOOT.RST
2012-12-09 23:54 - 2012-12-09 23:54 - 00000000 ____A C:\Windows\DCEBOOT.LOG
2012-12-09 23:53 - 2012-12-09 23:53 - 00181808 ____A C:\Windows\RegBootClean.exe
2012-12-09 23:53 - 2012-12-09 23:53 - 00022064 ____A C:\Windows\DCEBoot.exe
2012-12-09 23:39 - 2012-12-09 23:39 - 02002944 ____A (Trend Micro Inc.) C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
2012-12-09 23:39 - 2012-12-09 23:39 - 00000036 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2012-12-09 20:20 - 2012-10-07 14:48 - 00131072 ____A C:\Windows\System32\config\OAlerts.evt
2012-12-08 17:31 - 2012-10-07 17:14 - 00002501 ____A C:\Documents and Settings\Owner\Desktop\Microsoft Word 2010 (2).lnk
2012-12-06 17:19 - 2012-10-26 22:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-12-04 18:10 - 2009-09-01 17:14 - 00000472 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-12-04 07:13 - 2006-09-12 23:54 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-11-30 23:03 - 2011-05-15 23:16 - 00000000 ____D C:\Program Files\StarCraft II
2012-11-30 23:03 - 2008-07-25 15:23 - 00000000 ____D C:\Program Files\Common Files\Blizzard Entertainment
2012-11-30 22:45 - 2012-11-30 22:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Battle.net


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-12-20 03:01 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP2003

RP: -> 2012-12-09 18:33 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP2002

RP: -> 2012-12-08 18:07 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP2001

RP: -> 2012-12-07 16:34 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP2000

RP: -> 2012-12-06 15:33 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1999

RP: -> 2012-12-05 14:33 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1998

RP: -> 2012-12-04 14:33 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1997

RP: -> 2012-12-03 13:33 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1996

RP: -> 2012-12-02 12:46 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1995

RP: -> 2012-12-01 12:30 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1994

RP: -> 2012-11-30 09:34 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1993

RP: -> 2012-11-29 08:43 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1992

RP: -> 2012-11-28 03:26 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1991

RP: -> 2012-11-26 21:24 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1990

RP: -> 2012-11-26 17:51 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1989

RP: -> 2012-11-25 13:24 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1988

RP: -> 2012-11-24 11:12 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1987

RP: -> 2012-11-23 10:05 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1986

RP: -> 2012-11-22 09:50 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1985

RP: -> 2012-11-21 08:51 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1984

RP: -> 2012-11-20 08:50 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1983

RP: -> 2012-11-19 08:07 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1982

RP: -> 2012-11-18 07:52 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1981

RP: -> 2012-11-17 07:40 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1980

RP: -> 2012-11-16 05:33 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1979

RP: -> 2012-11-15 05:16 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1978

RP: -> 2012-11-14 03:00 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1977

RP: -> 2012-11-13 10:49 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1976

RP: -> 2012-11-12 10:09 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1975

RP: -> 2012-11-11 09:34 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1974

RP: -> 2012-11-10 08:50 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1973

RP: -> 2012-11-09 08:10 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1972

RP: -> 2012-11-08 04:44 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1971

RP: -> 2012-11-07 03:51 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1970

RP: -> 2012-11-06 03:00 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1969

RP: -> 2012-11-05 14:43 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1968

RP: -> 2012-11-05 08:52 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1967

RP: -> 2012-11-04 06:16 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1966

RP: -> 2012-11-03 05:44 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1965

RP: -> 2012-11-02 04:11 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1964

RP: -> 2012-11-01 03:45 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1963

RP: -> 2012-10-31 02:49 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1962

RP: -> 2012-10-30 02:48 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1961

RP: -> 2012-10-29 02:47 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1960

RP: -> 2012-10-27 23:52 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1959

RP: -> 2012-10-26 22:52 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1958

RP: -> 2012-10-25 22:18 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1957

RP: -> 2012-10-24 21:52 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1956

RP: -> 2012-10-23 21:14 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1955

RP: -> 2012-10-22 20:00 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1954

RP: -> 2012-10-21 19:56 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1953

RP: -> 2012-10-20 15:13 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1952

RP: -> 2012-10-19 11:02 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1951

RP: -> 2012-10-18 10:09 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1950

RP: -> 2012-10-17 09:09 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1949

RP: -> 2012-10-16 08:43 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1948

RP: -> 2012-10-15 07:54 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1947

RP: -> 2012-10-14 07:43 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1946

RP: -> 2012-10-13 02:57 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1945

RP: -> 2012-10-12 02:25 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1944

RP: -> 2012-10-11 02:00 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1943

RP: -> 2012-10-10 03:07 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1942

RP: -> 2012-10-09 02:49 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1941

RP: -> 2012-10-08 02:00 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1940

RP: -> 2012-10-07 16:34 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1939

RP: -> 2012-10-07 14:49 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1938

RP: -> 2012-10-07 14:39 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1937

RP: -> 2012-10-06 20:54 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1936

RP: -> 2012-10-05 18:25 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1935

RP: -> 2012-10-04 16:23 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1934

RP: -> 2012-10-03 15:52 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1933

RP: -> 2012-10-02 15:51 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1932

RP: -> 2012-10-01 15:42 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1931

RP: -> 2012-09-30 15:21 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1930

RP: -> 2012-09-29 14:21 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1929

RP: -> 2012-09-28 14:13 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1928

RP: -> 2012-09-27 10:30 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1927

RP: -> 2012-09-26 08:22 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1926

RP: -> 2012-09-25 07:22 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1925

RP: -> 2012-09-24 07:20 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1924

RP: -> 2012-09-23 06:22 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1923

RP: -> 2012-09-22 06:00 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1922

RP: -> 2012-09-21 20:02 - 024576 _restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1921


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 2047.3 MB
Available physical RAM: 1758.82 MB
Total Pagefile: 1878.03 MB
Available Pagefile: 1807.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.18 MB

==================== Partitions =============================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: (HP_PAVILION) (Fixed) (Total:185.45 GB) (Free:15.36 GB) NTFS ==>[Drive with boot components (Windows XP)]
9 Drive i: (HP_RECOVERY) (Fixed) (Total:4.45 GB) (Free:0.37 GB) FAT32 ==>[Drive with boot components (Windows XP)]
11 Drive k: (HITMANPRO) (Removable) (Total:14.5 GB) (Free:14.48 GB) FAT32
12 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 190 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 4570 MB 32 KB
Partition 2 Primary 185 GB 4570 MB
=========================================================

Disk: 0
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 I HP_RECOVERY FAT32 Partition 4570 MB Healthy
=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C HP_PAVILION NTFS Partition 185 GB Healthy
=========================================================
==================== End Of Log ============================

#30
Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts
Ok, let's hope checkdisk did a good job :) Let's try again to replace those files. It's the same instruction, but I'll quote it here again:

I'll try that other tool we used before:

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
  • Save it on the flash drive as fixlist.txt

Unlock: C:\WINDOWS\System32\autochk.exe
Replace: C:\WINDOWS\$NtServicePackUninstall$\autochk.exe C:\WINDOWS\System32\autochk.exe
Unlock: C:\WINDOWS\system32\alg.exe
Replace: C:\WINDOWS\ServicePackFiles\i386\alg.exe C:\WINDOWS\system32\alg.exe
Unlock: C:\WINDOWS\system32\audiosrv.dll
Replace: C:\WINDOWS\ServicePackFiles\i386\audiosrv.dll C:\WINDOWS\system32\audiosrv.dll


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system On Vista or Windows 7

Now please boot with the OTLPE cd as you did before.

Run FRST, press the Fix button just once and wait. The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.


- Aaron
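
Added example (not part of the original post and not FRST's own code): a short Python triage over Services/Drivers lines in the format of the log above. It lists entries that are not disabled but whose file the log marks missing with [x], the pattern the ALG and AudioSrv entries show for alg.exe and audiosrv.dll in the fixlist. Assumptions: the leading digit is the service Start value (4 = disabled), Windows lives in C:\Windows, and the function names and reason labels are illustrative.

```python
import ntpath
import re

# Lines excerpted from the Services and Drivers sections of the log above.
SAMPLE = r"""
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [1044816 2012-11-05] (Flexera Software, Inc.)
4 ADBLOCK.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [x]
4 Alerter; C:\Windows\System32\alrsvc.dll [x]
3 ALG; C:\Windows\System32\alg.exe [x]
2 AudioSrv; C:\Windows\System32\audiosrv.dll [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
4 Abiosdsk; [x]
1 redbook; C:\Windows\System32\drivers\tsk3.tmp [x]
"""

# "<start> <name>; <image path> [<size> <date>]", or "... [x]" when the file is missing.
ENTRY = re.compile(r"^(\d) (.+?); ?(.*?) ?\[(x|\d+ \d{4}-\d{2}-\d{2})\]")
EXPECTED_EXT = {".exe", ".dll", ".sys"}
SYSTEM_DIR = "c:\\windows\\system32\\"  # assumption: Windows lives in C:\Windows
DISABLED = 4  # assumption: the leading digit is the service Start value


def image_path(command):
    """Reduce an image path / command line to the file it points at."""
    s = command.strip()
    if s.startswith('"'):
        # Quoted executable followed by arguments: keep only the quoted part.
        s = s[1:].split('"', 1)[0]
    if s.startswith("\\??\\"):
        # Drop the NT object-namespace prefix seen on some driver entries.
        s = s[4:]
    return s


def classify(path):
    """Label a missing file so the reviewer knows where to look first."""
    lower = path.lower()
    if ntpath.splitext(lower)[1] not in EXPECTED_EXT:
        return "odd-extension"        # e.g. a driver entry pointing at a .tmp file
    if lower.startswith(SYSTEM_DIR):
        return "missing-system-file"  # candidate for restoring from a known-good copy
    return "missing-other"            # leftover entry of third-party software


def triage(log_text):
    """Return enabled service/driver entries whose file is marked [x]."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        start, name, command, state = int(m.group(1)), m.group(2), m.group(3), m.group(4)
        path = image_path(command)
        # Skip files that exist, disabled entries, and entries with no path at all.
        if state != "x" or start == DISABLED or not path:
            continue
        flagged.append({"start": start, "name": name, "path": path,
                        "reason": classify(path)})
    return flagged


if __name__ == "__main__":
    for item in triage(SAMPLE):
        print(f'{item["reason"]:<20} start={item["start"]} {item["name"]}: {item["path"]}')
```

A flagged entry is only a prompt for review: the replacement source for any file still has to be chosen by hand, as the fixlist above does per file.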